Analysis

 
 
By Larry Seltzer  |  Posted 2006-10-02 Print this article Print
 
 
 
 
 
 
 


Some of the best products surprised me. I didnt expect Symantec to do so well, but hats off to them. People like to complain about them, mostly for reasons unrelated to detection percentage, but this test does seem to show that they have taken detection of non-viral malware very seriously. The other high scorers, AntiVir in particular, dont get a lot of attention in the press, and perhaps we have not done them justice.

Then down in the Hall of Shame section we have many products that cant seem to keep up with the flood of malware. Ill start this list with Microsoft which, at 76.18 percent is seriously third-rate. I expected better from Sophos, although thats based on reputation, not personal experience. The eTrust engines and ClamAV are just where I expected them. Of course, even if they didnt dispute the tests in some way, authors of these products might claim that users are highly unlikely to encounter most of the threats in it.

What does this test show? Is it more important that its possible for products, especially if they use multiple engines, to detect a very high percentage of attacks? Or that the majority of products let through a very high number of attacks? I have to focus on the latter point. It makes me want to consider, once again, alternative approaches to malware.

Most, if not all of these products, detect many classes of malware generically by common characteristics. I asked Andreas Marx and he confirmed that they didnt break out for this test which detections were based on specific signatures and which were generic, which is a difficult distinction for an outsider to draw in any case.

But I have to think that the percentage of such detections is increasing over time, especially in products like Symantecs. They cant actually have anywhere near 290,000 signatures.

Webroots SSE 3.0 takes the next step in malware defense, adding the ability to detect rootkits and the malware strains hidden within. Click here to read a review.

And then there are many companies trying to come at the problem from the other direction, whitelisting programs that the user should be allowed to run and disallowing everything else. This is an old idea and has proven difficult to manage in the past, and it misses malicious code run through most vulnerabilities like buffer overflows. I hear from just about all of these "alternative" approach vendors and I wonder if their time will ever come, but their mission is becoming more important.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog. More from Larry Seltzer


 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel